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Method to authenticate a mobile station, a communications system and a mobile 
station 



The target of the invention is the method to authenticate a mobile station specified 
5 in the preamble of the claim 1, the commimications system specified in the 
preamble of the claim 9 and the mobile station specified in the preamble of the 
claim 11. 

Known authentication and key agreement protocols are based either on symmetric 
or public key cryptography and a trusted third party. In GSM the authentication and 

10 encryption key agreement is based on symmetric key and a tmsted third party. The 
method using symmetric key require the existence of an agreed secret between 
communicating parties or with a server as the third party. In GSM the mobile station 
of the subscriber shares a secret subscriber authentication key Ki with a trusted au- 
thentication centre AC. The authentication of the mobile station is based on the use 

15 of a one-way function A3 and a ciphering key is derived from the shared Ki in 
the mobile station and the authentication centre. 

Figiure 1 shows a prior art authentication arrangement of GSM mobile networks, 
where there is an Authentication Centre AC 1, a Home Location Register HLR 2, 
Visitor Location Register VLR 3, Base Transmitter Station BTS 4 and Mobile 
20 Equipment ME 5, where number 6 is a Subscriber Identity Module SIM. 

The method by the arrangement operates as follows: Authentication Centre 1 forms 
a Random Nxmiber RAND, that is used with subscriber authentication key Ki to 
form an authentication triplet 7. The authentication triplet 7 comprises random 
number RAND directly from the RAND above. Signed Response SRES formed 

25 with a one-way function A3 la from the subscriber authentication key Ki and 
ciphering key Kc formed with one-way function A8 lb from the RAND above. The 
authentication triplet 7 is sent to Home Location Register HLR 2 and then to Visitor 
Location Register VLR 3. The RAND of the authentication triplet 7 is sent from the 
VLR 3 to the Subscriber Identity Module SIM 6 in the Mobile Equipment ME 5 to 

30 form a key corresponding to the ciphering key Kc in the same authentication triplet 
7. The above key is formed by one-way function A8 6b in SIM 6 and processed 
more by one-way function A5 8 in ME 5 to exchange with the Kc of the 
authentication triplet 7 processed by one-way function A5 8 in the Base Transmitter 
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Station 4. Also subscriber authentication key Ki of the SIM 6 is used to form a 
signed response corresponding to the SRES in the above authentication triplet 7 in 
the VLR 3. This signed response is directly sent to the VLR 3 to compare it with the 
SRES to complete the authentication. 

5 Formerly is also known User-to-User Signalling (UUS) that is defined for Integrated 
Services Digital Network (ISDN) and is being defined for GSM network. The UUS 
is defined for GSM in ETSI (European Telecommunications Standards Institute) 
specification Digital celMar telecommunications system (Phase 2+); User-to-User 
Signalling (UUS); Service description. Stage 1 (GSM 02.87). 

10 The UUS supplementary service allows the served subscriber to send to or receive 
fi-om another user a limited amoimt of information. This information is generated by 
the subscriber and shall be passed transparentiy tiirough the network. With the word 
transparentiy is meant that no modification to the contents is made. Normally the 
network does not interpret this information. 

15 The served subscriber is able to send and receive User-to-User Information (UUI) in 
different phases of the call depending on what service subscriber uses. Possible 
services are: 

Service 1: UUI can be sent and received during the origination and termination of a 
call, with UUI embedded within call control messages. The service 1 can be acti- 
20 vated implicit by inserting UUI when set-up a call or explicit with an appropriate 
procedure. 

Service 2: UUI can be sent and received after the served subscriber has received an 
indication that the remote party is being informed of the call and prior to the 
establishment of the connection. UUI sent by the served subscriber prior to 
25 receiving the acceptance of the call by the remote party, may as a network option be 
delivered to the remote party after the call has been established. The service 2 shall 
be activated explicitiy. 

Service 3: UUI can be sent and received only while the connection is estabhshed. 
The service 3 shall be activated explicitly. 



30 Services 1 to 3 shall allow the transmission of UUI with the maximum length of 128 
octets per message. In some networks as ISDN the maximvun length is only 32 
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octets. The USER ESFFOrmation message between GSM mobile station and Mobile 
Switching Centre (MSG) can have 128 octets of user data while the messages for 
call setup and release can have 32 octets of user data. Messages for call setup and 
release include f ex. SETUP, PROGRESS, ALERT, CONNECT, DISCONNECT, 
5 RELEASE, RELEASE COMPLETE. 

A problem in the known arrangements in mobile networks is that only secxirity para- 
meters required in the establishment of confidentiality on the air interface are 
exchanged. Parameters for other information security features as integrity on air 
interface are not agreed. 

10 A problem in the shared-key authentication and key agreement procedures is the 
agreed secret and in some circumstances needed coimection to the trusted third 
party during the execution of the protocol. 

The objective of the invention is to avoid disadvantages of the prior art solutions by 
bringing out a new authentication and key agreement for mobile communications 
15 systems to implement an end-to-end secure transmission. 

What is characterizing to the method according to the invention is presented in 
claim 1. What is characterizing to the commxmications system of the invention is 
presented in claim 9. What is characterizing to the mobile station of the invention is 
presented in claim 11. Preferable embodiments of the invention are described in the 
20 dependent claims. 

The invention concerns a method to authenticate a mobile station in a mobile net- 
work. According to the invention the mobile station is authenticated using user-to- 
user data exchange. This can be done during call setup or call. 

In one embodiment of the method also an encryption key is agreed between mobile 
25 stations. 

The invention concems also a cellular communications system, where the first and 
second mobile stations (A, B) are connected wireless with via base stations. Accord- 
ing to the invention the cellular communications system comprises a first mobile 
station (A), that constructs and sends a first message (Mi), receives and verifies the 
30 validity of a second message (Ma) and when the information is verified valid 
accepts to share a shared encryption key K, constructs and sends a third message 
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(Ms), a second mobile station (B), that receives the first message (Mi) and 
constructs and sends the second message (M2), receives and verifies the validity of 
the third message (M3) and when the information is valid accepts to share the shared 
encryption key K with the first mobile station (A), and at least one mobile switching 
5 centre. 

The invention concerns also a mobile station. According to the invention the mobile 
station comprises a processor to perform operations needed to form and verify 
messages (Mi, M2, M3), to implement authentication and key agreement procedures, 
a memory, where procedures and messages are stored with necessary parameters 
10 and variables, output means, on which commencement of extra secure communi- 
cation is presented to a user of the mobile station, input means to enable validation 
of the extra secure communication^ a transmitter/receiver and an anterma to trans- 
form information to radio waves from digital signals and vice versa. 

An advantage of the invention is that the traffic between the commimicating mobile 
15 stations is protected autonomously with public-key based authentication and key 
agreement mechanisms. 

The invention is described in detail in the following by referring to the appending 
drawing, where 

figure 1 presents a prior art arrangement in a flow chart, 

20 figure 2 presents a method of the invention in a signalling diagram, 

figure 3 presents a signalling diagram of an authentication and key agreement 
protocol. 



figure 4 presents communication system of the invention, and 

figiure 5 presents essential parts of mobile station accroding to the invention in a 
25 block diagram. 

Figure 1 is described in the prior art portion of the text. 



Figure 2 shows an authentication and key agreement protocol. The protocol is 
started when an input is given to trigger extra secure transmission. The parenthesis 
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after the name of the message contain the name of the part of the message where the 
carried information is included and the name of the information. First the calling 
mobile station (MS) 9 sends a SETUP(UUS(service code)) message to the first 
Mobile Switching Centre (MSG) 10. The SETUP message contains in a User-to- 
5 User Information (UUl) element a service code indicating the encryption key 
management service encoded by the calling mobile station 9. The UUI element is 
transferred with the User-to-User Signalling (UUS). The first MSG 10 sends the 
user-to-user information via the Integrated Service Digital Network (ISDN) User 
Part (ISUP) signalling in an Initial Address Message (lAM) (UUS(service code)) to 

10 the second MSG 11 to which the called mobile station 12 is connected. This 
signalling between two MSGs 10, 1 1 is only needed when the two mobile stations 9, 
12 are connected to different MSGs 10,11. The first MSG 10 responds to the caUing 
mobile station 9 with a GALL PROGeeding message and the second MSG 1 1 sends 
a SETUP(UUS(service code)) message formed by the data fi-om the first SETUP 

15 message to the called mobile station 12. Now the mobile station informs the user 
about an extra secure call. The called mobile station 12 responds to the second MSG 
11 with a GALL GONFirmed and an ALERT(UUS(service acc.)) message meaning 
that the terminal equipment is alerting the subscribed user. Information whether the 
called mobile station 12 accepts the extra secure conrnnmication is delivered in the 

20 ALERT message. The ALERT message is led to the calling mobile station 9 to 
inform the alerting and the possible acceptance. The information is transferred if 
needed between two MSGs 11, 10 in an ISUP Answer Message (ANM). In case the 
extra secure commimication is not applied preferably a normal call setup is con- 
tinued or the call setup is aborted. This can be commenced by a decision of the user 

25 or of the logic of the mobile station 9 or of the logic of the MSG 10. 

If the extra secure conmiimication is accepted the service, the authentication and the 
key agreement protocol related information is exchanged between the two mobile 
stations 9, 12 in the USER INFOrmation message of GSM and ISUP. First the 
USER INFO(UUS(Mi)) message is transferred from the calling mobile station 9 
30 through MSGs 10, 11 to the called mobile station 12. Then the USER 
INFO(UUS(M2)) message is transferred from the called to the caller and the USER 
INFO(UUS(M3)) message is transferred fi-om the caller to the called. If one or more 
of the messages Mi, M2, M3 is longer than the space m one USER INFO message 
carrier several USER INFO messages are used for transportation. 

35 At last, during the call setup the called mobile station 12 sends a 
GONNEGT(UUS(data)) message to the MSG 1 1 it is connected with. And the MSG 
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1 1 responds with a CONNECT ACKnowledgement message to the called mobile 
station 12. Then if needed the MSC 1 1 sends an AMN(UUS(data)) message to 
another MSC 10. The MSC 10 connected with the calling mobile station 9 sends a 
CONNECT(UUS(data)) message to the calling mobile station 9 and receives a 
5 CONNECT ACKnowledgement message. If User-to-User Signalling data 
UUS(data) is not needed at this stage plain CONNECT and AMN messages or 
messages with empty UUS(data) fields are used. It is possible to transfer more User- 
to-User Information now after the call is connected. The encryption algorithms can 
be applied to this information. 

10 Alternatively, the security parameters can be exchanged after call setup during the 
call. In this option the call can be setup normally. When either subscriber wants to 
start extra secure commimication during the conversation or data exchange, the 
subscriber initiates the secure communications e.g. by pressing the keys of the 
keyboard and the security parameters are exchanged using User-to-User Signalling. 

15 Figure 3 shows a signalling diagram of one authentication and key agreement proto- 
col that can be used in the inventive method. The messages Mi, M2, M3 are shovm 
witiiout reference to the User-to-User Signalling (UUS) that the transmission is 
based on. The references A and B cite to the mobile stations in this station-to-station 
protocol. The references 1. to 6. cite to the steps performed while progressing. 

20 Subscribers A and B need an agreement on a key for extra secxire connection. The 
protocol works followingly: 

In step 1 the subscriber A initiates the protocol and selects a prime number p, a 
generator a of the multiplicative group of integers modulo p when p > a > 2 and a 
random secret x when p-2 > x > 1. Then A constructs and sends to B the message 
25 Ml containing 

a^p^a^ mod/7. 

In step 2 the subscriber B receives the message Mi and afterwards generates a secret 
y when p-2 > y > 1 and computes a shared key K = (a'')^ mod p. Then B signs the 
concatenation of exponentials {a^ a""} and encrypts the result SBia^a""} with the 
30 shared key leading to EK(SB{a^ a""}). B constructs and sends the message M2 to A in 
step 3 containing 

mod /?, cert^ , {S^ {a^ , } ) . 
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Certificate certe in the message M2 contains the signature verification key of the 
subscriber B. The exact contents of the certificate may differ from the following 
minimum 

5 where pB is the public signature verification key of the subscriber B and St is the 
signature transformation of a trusted authority T whose public signature verification 
key is known by A and B. 

In step 4 the subscriber A receives the message M2 and afterwards computes the 
shared encryption key (a^^ mod p = (a^^ mod p = K. The validity of the certificate 

10 certs is checked by the subscriber A. When the certificate certe is vialid the 
encrypted part EK(SB{a^, a"^}) of the message M2 is decrypted to receive Seja^, a'^} 
and the signature Seja^, a^} is verified with the public signature verification key pe 
of the subscriber B. If the signature is verified valid A accepts to share the shared 
encryption key K with B. If the signature is invalid the execution of the protocol is 

15 cancelled by A. 

In step 5 the subscriber A signs the concatenation of exponentials {a^, a^} and 
encrypts the result SA{a^a^} with the shared key leading to EK(SA{a^ a^}). A 
constructs and sends the message M3 to B in step 5 containing 

20 where certA includes corresponding information with certe of the subscriber A. The 
exact contents of the certificate certA may differ from the following minimum 

cert^ ={B,p^,a,p,Sr{B,p^,a,p)), 

where pA is the public signature verification key of the subscriber A and St is the 
signature transformation of a trusted authority T whose public signature verification 
25 key is known by A and B. 

In step 6 the subscriber B receives the message M3 and verifies the validity of the 
certA, decrypts EA(SA{a^, a^}) and verifies the validity of the signature of SaI^^ a^}. 
If all the signatures are valid B accepts sharing of K with A. If any of the signatures 
is invalid B cancels the execution of the protocol. 
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Also other public key based authentication and key agreement protocols than the 
above presented station-to-station protocol can be used. 

In figure 4 a communications system according to the invention is shown. The 
mobile station 9 of the subscriber A is connected wireless to a base transmitter 
5 station BTS that is connected wired to a base station controller BSC and to a mobile 
switching centre MSG 10. The MSCs 10, 11 are connected with an ISDN network 
together. The MSG 11 and BTS are connected wired and the BTS is connected 
wireless to the mobile station 12 of the subscriber B. Here only the MSCs 10, 1 1 are 
shown to present the logic of the invention. In reality the BTSs and the BSCs are 
10 also present. 

In figure 5 a block diagram of the essential hardware needed to implement a mobile 
station according to the invention is described. The processor 13 perform the 
operations needed to implement the authentication and key agreement procedures 
fi:om the memory 14 where they are stored with necessary parameters and variables. 
15 The commencement of extra secure commimication is presented on the display 15 to 
the user of the mobile station. The validation of the service is done by pushing keys 
on the keyboard 16 or by processor 13. The transmitter/receiver 17 and antenna 18 
is used to transform the information transmitted on radio waves firom digital signals 
and vice versa. 

20 The following example is presented to explain details of the invention when there 
are two different mobile switching centres connected with ISDN network together. 
User-to-User Signalling is used to transfer messages for station-to-station 
authentication and key agreement protocol described above. First the calling mobile 
station 9 encodes a service code indicating the encryption key management service 

25 to the user-to-user information element of the SETUP message and the mobile 
station 9 sends the message to the Mobile Switching Centre (MSG) 10. Then the 
User-to-User Information (UUI) is transferred using the ISDN User Part (ISUP) 
signalling to the MSG 11 where the mobile station of the called subscriber 12 is 
connected if the subscribers are connected to different MSCs 11. The UUI is 

30 transferred to the mobile station 12 of the called subscriber in the SETUP message. 
If the extra secure communication service defined in the UUI is recognized in the 
mobile station 12, the called subscriber is alerted preferably with a sound and 
textual or symbolical way of the service. The user have to allow or refuse the 
service in concem. Information of allowance or refiasal of the service is transferred 

35 in an ALERT message firom the mobile station 12 to the mobile switching centre 1 1. 
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The UUI is transferred to the mobile station 9 of the calling subscriber preferably in 
an ISUP Answer Message (ANM) between the MSCs and in the ALERT message 
on the GSM connection. The calling subscriber is informed of the allowance or 
refusal of the extra secure communication service. If the called subscriber allowed 
5 the use of the service the authentication and key agreement protocol related 
Wormation is exchanged between the two mobile stations using the USER INFO 
messages of GSM and ISDN. If the service is refused the call will be setup normally 
without the extra secure feature or the call will be terminated by user input without 
further setting up. The messages Mi, M2, M3 are then exchanged as described in 
10 detailed descriptions of figures 2 and 3 above. Additional UUI information is 
transferrable between the mobile stations when the call is set up. 

The extra secure communication can be initiated at least in three different ways 
followingly: 1. The user press a key or gives a voice command or gives an activation 
code before dialling a call, 2. A call to a subscriber on a hst is made, and 3. The 
15 user chooses the feature from a menu to be on or off for a longer time. When the 
call is made the ability of the called mobile station to execute the required 
procedures is checked. 

The examples described above are based on the use of the station-to-station 
protocol. The UUS signalling mechanism can be used to transport messages related 
20 to any other public key authentication and key agreement mechanism. It is also 
possible to use the UUS signalling mechanism to transport the messages of the 
shared-key technology based key agreement mechanisms. 

The method of the invention can be used also in other networks that have a 
signalling mechanism between terminal equipment. 
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Claims 

1. A method to authenticate a mobile station in a mobile network, characterized 
in that the mobile station is authenticated with user-to-user data exchange. 

2. A method according to claim 1, characterized in that the data is exchanged 
5 during call setup. 

3. A method according to claim 1, characterized in that the data is exchanged 
during a call. 

4. A method according to claim 1, 2 or 3, characterized in that also an 
encryption key is agreed between two mobile stations. 

10 5. A method according to claim 4, characterized in that the mobile stations 
execute a mutual authentication and key agreement protocol based on pubUc-key 
cryptography. 

6. A method according to claim 5, characterized in that a second mobile station 
(B) is authenticated by 

15 a first mobile station (A) constructing and sending to the second mobile station (B) 
a first message (MO, the second mobile station (B) receiving the first message (Mi), 

constructing and sending a second message (M2) to the first mobile station (A), 

the first mobile station (A) receiving the second message (M2), checking the validity 
of the information in the second message (M2), if the information is verified valid 
20 the first mobile station (A) accepting to share a shared encryption key K with the 
second mobile station (B), the first mobile station (A) constructing and sending a 
third message (M3) to the second mobile station (B), 

the second mobile station (B) receiving the third message (M3) and verifying the 
validity of the information, if the information is valid the second mobile station (B) 
25 accepting the sharing of the shared encryption key K with the furst mobile station 
(A). 
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7. A method according to claim 6, characterized in that the second mobile 
station (B) is authenticated by the first mobile station (A) selecting a prime nimiber 
p, a generator a of a multiplicative group of integers modulo p when p > a > 2 and a 
random secret x when p-2 > x > 1, constructing and sending to the second mobile 
5 station (B) the first message (Mi) containing 

a^p^a"" mod/7, 

the second mobile station (B) receiving the first message (Mi) and afterwards 
generating a secret y when p-2 > y > 1 and computing a second shared key K2 = 
(a"^^ mod p, signing a concatenation of exponentials {a^, a""} and encrypting a result 
10 Sela^a""} with the second shared key leading to EK(SB{a^ a""}), constructing and 
sending the second message (M2) to the first mobile station (A) containing 

mod /?, cert^ , (S^ {a^ , a' } ) , 

certificate certB in the second message (M2) containing a signatxure verification key 
of the second mobile station (B), the exact contents of the certificate beiag of at 
15 least the followiug minimum 

certs =(B,Ps,a,p,Sr{B,Ps,a,p}), 

pB being a public signature verification key of the mobile station B and Sj a signa- 
ture transformation of a trusted authority T whose public signature verification key 
is known in the first and second mobile stations (A, B), 

20 the first mobile station (A) receiving the second message (M2) and afterwards 
computing a first shared encryption key (s!^ mod p = (a"")^ mod p = Ki, checking 
the validity of the certificate certs the first mobile station (A), when the certificate 
certB is valid the encrypted part EK(SB{a^ a""}) of the second message (M2) is 
decrypted to receive a signature SB{a^ a''} and the signature SbW^ a""} is verified 

25 with a public signature verification key Pb of the second mobile station (B), if the 
signature SB{a^, a""} is verified vahd the first mobile station (A) accepts to share the 
shared encryption key Ki with the second mobile station (B), 



the first mobile station (A) signing a concatenation of exponentials {a^ a^} and 
encrypting result SA{a^a^} with the first shared key Ki leading to EK:(SA{a^ a^}). 
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the first mobile station (A) constructing and sending the third message (M3) to the 
second mobile station (B) containing 

certA including corresponding information with certe of the furst mobile station (A), 
5 exact contents of the certificate certA being at least of the following minimimi 

Pa being a public signature verification key of the first subscriber (A) and St a 
signature transformation of a trusted authority T whose pubUc signature verification 
key is known by the first and second mobile stations (A, B), 

10 the second mobile station (B) receiving the third message (M3) and verifying 
validity of the certA, decrypting EA(SA{a^ a^}) and verifying validity of signature of 
SA{a^ a^}, if all the signatures are valid the second mobile station (B) accepting 
sharing of the second shared encryption key K2 with the mobile station A. 

8. A method according to any preceding claim 1 to 7, characterized in that the 
15 data is exchanged through user-to-user signalling. 

9. A cellular conmnmications system, where the furst and second mobile stations 
(A, B) are wireless connected with via base stations, characterized in that it 
comprises 

a first mobile station (A, 9), that constructs and sends a first message (Mi), 
20 receives and verifies the validity of a second message (M2) and when the infor- 
mation is verified vahd accepts to share a shared encryption key K, constructs and 
sends a third message (M3), 

a second mobile station (B, 12), that receives the first message (Mi) and 
constructs and sends the second message (M2), receives and verifies the validity of 
25 the third message (M3) and when the information is valid accepts to share the shared 
encryption key K with the first mobile station (A), and 

at least one mobile switching centre (10, 11). 
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10. A communications system according to claim 9, characterized in that it 
comprises two mobile switching centres (10, 1 1) connected together with ISDN. 

11. A mobile station, characterized in that it comprises 

a processor (13) to perform operations needed to form and verify messages 
5 (Ml, Ml, M3), to implement authentication and key agreement procedures, 

a memory (14), where procedures and messages are stored with necessary 
parameters and variables, 

output means, on which commencement of extra secure commxmication is 
presented to a user of the mobile station, 

10 - input means to enable validation of the extra secure communication, 

a transmitter/receiver (17) and an antenna (18) to transform information to 
radio waves from digital signals and vice versa. 

12. A mobile station according to claim 11, characterized in that the output 
means comprises a display (15). 

15 13. A mobile station according to claim 1 1, characterized Ln that the input means 
comprises a keyboard (16). 

14. A mobile station according to claim 1 1, characterized in that it is designed to 
GSM standards. 

15. A mobile station according to claim 11, characterized in that it is designed to 
20 UTMS standards. 
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(57) Abstract 



The invention relates to a method to authenticate a mobile 
station B in a mobile network, so that the mobile station B 
is authenticated and an encryption key is agreed between 
mobile stations A and B using user data exchange during 
call setup. More specifically the mobile station B is 
authenticated by the mobile station A constructing and 
sending to the mobile station B a message Mi, the mobile 
station B receiving the message Mi, constructing and 
sending a message Ma to the mobile station A, the mobile 
station A receiving the message M2, checking the validity 
of the information in the message M2, if the information is 
verified valid the mobile station A accepting to share a 
shared encryption key K with mobile station B, the mobile 
station A constructimg and sendiug the message M3 to the 
mobile station B, the mobile station B receiving the 
message M3 and verifying the validity of the information, if 
the information is valid the mobile station B accepting the 
sharing of the shared encryption key K with the mobile 
station A. 
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